\documentclass[a4paper]{article}
\usepackage{indentfirst} 
\title{Codecaps Revocation in Intrusion-Tolerant Overlay Networks}
\date{}
\begin{document}
\maketitle
\clearpage
\begin{abstract}
Codecaps are novel capabilities, which are combinations of X.509 certificates and JavaScript code. Codecaps enables principals to access services with the specific rights. In intrusion-tolerant overlay networks, in order to achieve codecaps revocation fast, Fireflies protocol is used to disseminate certificate revocation list as soon as possible. With Fireflies, the network is able to scale gracefully, as well as tolerating Byzantine members with high probability.
\end{abstract}
\clearpage
\tableofcontents
\clearpage
\section{INTRODUCTION}
There are several approaches to control access to the data in the system. The most common one is to have each object maintain a list of the access rights of users that want to access the object. The implementation is called Access Control List (ACL). An ACL is a list of permissions attached to an object. It specifies which users or processes have access rights to the object, and what operations can be posed on the object. In an access control list, if you want to change the operation rights or remove a user, you have to modify the ACL manually. If some users move in and out frequently, it will pose burden to system administrators a lot. In addition, in distributed system, it's hard to maintain the namespace of user identities, resource identifiers.\newline
\indent Another approach is using capabilities. A capability is a token, ticket, or key that gives the possessor permission to access an entity or object in a computer system. When a client issues a request to the object, the service provider is not interested in if the client is known to it. The service provider needs only to check if the capability is valid and whether the requested operation is listed in the capability. \newline
\indent A capability is actually a certificate. Each client carries a certificate. When the client wants to request a resource, he hands over his certificate to the service provider. To guarantee the certificate is genuine and has not been tempered with, it should be protected by means of a digital signature.
\newline \indent Mechanisms are needed to revoke certificate, when the private key has been compromised or invalidated. \section{BACKGROUND}
\indent In public key infrastructure, public-key distribution takes place by means of public-key certificates.Such a certificate consists of a public key together with a string identifying the entity to which that key is associated.The public key and identifier have together been signed by a certification authority, and this signature has been placed on the certificate as well.Signing takes place by means of a private key that belongs to the certification authority.\newline \indent It's not secure for the certification authority to issue lifelong certificates. We need a mechanism to revoke the certificate publicly so that all other entities know that the certificate is not valid any more. One common way is with a Certificate Revocation Lists (CRL). Whenever a client checks a certificate, the client first checks if the certificate is on the Certificate Revocation List. It means the client has to contact the certification authority frequently, which will incur overhead. What's more, since the client contacts the certification authority within every fixed time period, the client doesn't get the list right away. Alternatively, Online Certificate Status Protocol offers a real-time mechanism to get the certificate status. It provides the client with the specific certificate status which the client request, with less network overhead.
\subsection{Codecaps}
A codecap (code capability) is a novel kind of capability. It contains embedded code which can be executed to check if the entity has right to access the resource. Obviously, the set of right is not predefined, but can be evolved as needed. 
\subsection{Fireflies}
In an intrusion overlay network, Fireflies can provide correct nodes with a reasonably current view of which nodes are live. Fireflies protocol can disseminate information changes very quickly. 
\subsection{Requirement Definition}
Nowadays, it's getting increasingly popular to upload data to the cloud, which is composed of cluster servers without central controlling point. Under this condition, the system administrator has to modify ACLs manually, which is not efficient.Capabilities with embedded executable rights functions, or codecaps, offer much more flexible and fine-grained approach to control the access rights, as well as rights delegation, rights amplification. Revoking codecaps should also be taken into consideration. Once a codecap is revoked, the revocation list should be propagated to other entities in the overlay network as soon as possible. 
\newline \indent The goal is to devise and construct a prototype of a scalable and reliable Internet service that minimize the time it takes from an revocation is issued to when it can efficiently block the invalidated codecap. The proposed solution must consider important non-functional aspects like reliability and scalability. Because codecaps are based on standard X.509 public key certificates, this thesis should take established and relevant standards like the Online Certificate Status Protocol (OCSP) into consideration.
\section{DESIGN}
\end{document}
